[ale] Freeradius, MSCHAP, and Active Directory
- Subject: [ale] Freeradius, MSCHAP, and Active Directory
- From: eholcroft at mkainc.com (Edward Holcroft)
- Date: Thu, 26 Feb 2015 14:47:13 -0500
Make sure winbind is running. That held me up for the longest time.
Have you joined the Radius box to the AD domain?
What do you get when you do:
ntlm_auth --request-nt-key --domain=your.domain --username=Administrator
If you do not get NT_STATUS_OK: Success (0x0) then you need to fix that first.
Do you have this entry under the mschap section?
>>
>>
>> with_ntdomain_hack = yes
>
>
> That got deprecated in favor of the "realm ntdomain" config as far as I
> can tell. So I don't have the hack enabled, but I do have:
>
> ```
> ntlm_auth = "/bin/ntlm_auth --request-nt-key
> --username=%{%{mschap:User-Name}:-None}
> --domain=%{%{mschap:NT-Domain}:-None}
> --challenge=%{%{mschap:Challenge}:-00}
> --nt-response=%{%{mschap:NT-Response}:-00}"
> ```
>
Is that just an example that you're quoting, or is that your actual config
line? My working /etc/freeradius/modules/mschap contains this:

```
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
--domain=%{mschap:NT-Domain:-MKA.LOCAL}
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}"
```

where MKA.LOCAL is my AD domain.

I am using the with_ntdomain_hack=yes version of FreeRADIUS, so cannot
comment on realm ntdomain.

ed
--
Edward Holcroft | Madsen Kneppers & Associates Inc.
11695 Johns Creek Parkway, Suite 250 | Johns Creek, GA 30097
O (770) 446-9606 | M (770) 630-0949
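
The three checks from the message above (winbind answering, host joined to the domain, ntlm_auth returning NT_STATUS_OK), run in that order, as an added example that is not part of the original post. The function names and return codes are this example's own; `wbinfo -p` and `wbinfo -t` are Samba's winbind ping and trust-secret checks.

```shell
#!/bin/sh
# Added example: preflight for FreeRADIUS MSCHAP against AD, in the order the
# message gives: winbind answering -> domain join valid -> ntlm_auth succeeds.

# Map ntlm_auth output to a verdict word.
classify_ntlm() {
    case "$1" in
        *NT_STATUS_OK*) echo ok ;;          # "NT_STATUS_OK: Success (0x0)"
        *NT_STATUS_*)   echo rejected ;;    # AD answered with another status
        *)              echo no-answer ;;   # nothing usable came back
    esac
}

# usage: preflight DOMAIN USERNAME
# returns 0 on success, 10/11/12/13 for the stage that failed
preflight() {
    pf_domain=$1
    pf_user=$2
    if ! wbinfo -p >/dev/null 2>&1; then
        echo "FAIL winbind: winbindd is not answering; start it first"
        return 10
    fi
    if ! wbinfo -t >/dev/null 2>&1; then
        echo "FAIL join: trust secret check failed; is this host joined to $pf_domain?"
        return 11
    fi
    # ntlm_auth reads the password interactively, so it never lands in argv.
    echo "Enter the password for $pf_user when ntlm_auth waits for input:" >&2
    pf_out=$(ntlm_auth --request-nt-key --domain="$pf_domain" \
                       --username="$pf_user" 2>&1) || true
    case "$(classify_ntlm "$pf_out")" in
        ok)       echo "OK: $pf_out"; return 0 ;;
        rejected) echo "FAIL ntlm_auth: $pf_out"; return 12 ;;
        *)        echo "FAIL ntlm_auth: no NT_STATUS line in output"; return 13 ;;
    esac
}

# Run the checks only when called as: sh preflight.sh DOMAIN USERNAME
if [ "$#" -ge 2 ]; then
    preflight "$1" "$2"
    exit $?
fi
```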